OSINT gatherers may understand the need for remote web isolation, but not the distinction between different breeds of isolation and how they can impact their organization and their mission.
Web browsers are our window to the internet. They provide a unified interface to access various web content with ease and simplicity. However, even experienced OSINT professionals may not understand how bad actors can use web browsers to infiltrate their devices, identify the intent of their research and disrupt their missions.
OSINT gatherers need to understand how their choice of web browser can put them at risk and how to secure browsing activities.
The majority of OSINT gatherers' work involves using web browsers to search for web content (in the three web layers: surface, deep, and dark web), downloading content and sometimes opening the downloaded files — such as PDF files — in the web browser window.
In this article, I will discuss the numerous advantages of using a remote, cloud-hosted, isolated web browser to access web content securely. However, before I begin, let me briefly explain the concept of a secure remote web browser and describe its three major types.
What is remote browser isolation (RBI)?
As the name implies, a remote web browser runs in the cloud. However, there is some confusion when distinguishing remote web browsers from locally installed web browsers such as Chrome and Firefox. For instance, a remote web browser can be deployed using any of the following three settings:
1. Runs locally
In this type, the remote web browser will be installed on the end-user device within a sandbox. The web browser will run in a virtualized environment (virtual machine) installed on the end-user device. This deployment type is less secure because the sandbox used to run the web browser relies entirely on the computing resources of the end-user computer.
2. On-premises web browser
In this type, the remote web browser will reside within an organization network (using a dedicated server), and users will access the remote browser via the organization's internal network. This deployment is commonly used by organizations that need to provide controlled access to external resources.
3. Runs in the cloud
In this type, the remote web browser runs in an isolated cloud environment maintained by a cloud provider. However, there are two different approaches to isolation:
- Streaming: Also known as “pixel pushing,” this approach renders all web code in the remote cloud environment, and the user receives an interactive stream on their device. This approach physically separates a user's web browsing activities from their computing devices.
- DOM mirroring: Document object model (DOM) mirroring renders some parts of the web code in the cloud while other parts are allowed to render on the user’s device.
For OSINT gatherers, the streaming approach of cloud-based remote browser isolation is the most secure. It does not download any content to the end-user device or need to interact in any way with the underlying device operating system or organization network to deliver its functions. Instead, everything runs entirely in a remote, isolated environment controlled by the cloud provider.
This approach will also help OSINT researchers conceal their digital identity, as the IP address presented to a visited website will belong to the cloud provider. However, additional layers of obfuscation may be needed. For example, Authentic8’s digital investigation platform Silo for Research also allows users to select a regional point of presence from which to egress. The IP address of the egress node belongs to the data center, ISP or mobile provider related to that node. This helps users conceal their IP address as well as look like an average visitor to the site of interest and hop geofences that block access from certain regions.
Silo for Research also enables users to change their web agent, preventing external observers from tracking their web browsing history via digital fingerprinting techniques.
How do cloud-hosted web browsers work?
As we already said, a cloud-hosted web browser is the best option in terms of security because it runs entirely in a controlled cloud environment. Cloud web browser providers leverage virtualization technologies, such as virtual machines (VMs) or containers, to create isolated environments for each browsing session. This enhances the security and privacy of the end user device when browsing the web.
How do cloud-based remote web browsers help OSINT gatherers achieve privacy and security?
OSINT researchers will benefit significantly from utilizing cloud-based browsers when conducting OSINT research. Here are the main advantages for both privacy and security.
Improve privacy
- By using a cloud-based web browser, the end user device will not store any web tracking code, such as cookies, ETags or any temporary files that can be used later to track the user's access to the internet on their computing device. Everything will be stored in the remote browser's cloud and destroyed automatically after the user ends their browsing session. This disposable environment will effectively prevent any long-term tracking, which is crucial for OSINT gatherers.
- The cloud-hosted web browser will only render the webpage so the user can view it and interact with it. This helps protect end-user privacy as the web browser will not save or see the user's entered credentials (e.g., login information) when accessing protected websites.
- Cloud-based web browsers help OSINT gatherers achieve a great level of anonymity. For instance, the remote web browser will run on remote servers and thus use their IP address instead of the user's local IP address. This makes tracing the OSINT activities back to the user's device very difficult.
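The effect of a disposable session on ETag-based tracking, shown as an added example that is not from the original article. `TrackingServer`, `Browser` and the URL are constructed stand-ins, and the sketch assumes every isolated session starts with an empty cache that is discarded when the session ends.

```python
import secrets

URL = "https://tracker.example/pixel.gif"  # constructed sample URL


class TrackingServer:
    """Constructed stand-in for a site that reuses the ETag as a visitor ID."""

    def __init__(self):
        self.visits = {}  # etag -> number of requests that carried it

    def handle(self, headers):
        tag = headers.get("If-None-Match")
        if tag in self.visits:            # cache revalidation: known visitor
            self.visits[tag] += 1
            return 304, {"ETag": tag}
        tag = '"' + secrets.token_hex(8) + '"'  # first contact: mint a new ID
        self.visits[tag] = 1
        return 200, {"ETag": tag}


class Browser:
    """Minimal HTTP cache: remembers the last ETag seen for each URL."""

    def __init__(self):
        self.cache = {}

    def get(self, server, url):
        headers = {}
        if url in self.cache:             # cached copy exists, so revalidate it
            headers["If-None-Match"] = self.cache[url]
        status, resp = server.handle(headers)
        self.cache[url] = resp["ETag"]
        return status, resp["ETag"]


def local_browser_sessions(server, url, n):
    browser = Browser()                   # one on-disk cache reused every session
    return [browser.get(server, url)[1] for _ in range(n)]


def disposable_sessions(server, url, n):
    # Assumption: each isolated session begins empty and is destroyed afterwards.
    return [Browser().get(server, url)[1] for _ in range(n)]


def distinct_identities(tags):
    return len(set(tags))


if __name__ == "__main__":
    srv = TrackingServer()
    print("local cache:", distinct_identities(local_browser_sessions(srv, URL, 3)))
    print("disposable: ", distinct_identities(disposable_sessions(srv, URL, 3)))
```

With a persistent local cache the server sees one identifier across all three visits and can link them; with disposable sessions each visit presents as a new, unlinked visitor.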
Improve security
- Suppose a user accessed a website containing malicious code, exploits or tracking scripts. This code would not run on the end user's device. Instead, it would run in an isolated environment, and nothing would reach the user’s computing device, preventing any potential damage or leak of sensitive information.
- Phishing attacks are a significant security problem when going online. Remote web browsers allow OSINT gatherers to open malicious emails, download and open malicious attachments and click on suspicious links without worrying about being infected with malware. This is because all their web browsing activities are executed within an isolated temporary environment.
- Cloud-hosted browsers prevent common cyberattacks against web browsers, such as drive-by downloads and exploit kits. For instance, threat actors exploit security vulnerabilities in web browsers and add-ons to infect target users with malware. By using a remote web browser, threat actors cannot leverage these techniques to attack users.
- To protect their servers and browsing environments, cloud-based browser providers generally implement advanced security practices, such as sandboxing, performing regular updates and enforcing strict access controls. This level of security is far better than that implemented on the end user's local device.
Aside from privacy and security considerations, cloud-based browsers offer another advantage for OSINT teams: scalability. This means teams can easily adjust their browsing resources based on the needs of an investigation. For instance, imagine a large-scale OSINT investigation involving multiple investigators. Cloud-based browsers allow the team to quickly increase the number of available browser instances to handle the workload. Once the investigation ends, they can scale down instantly to reduce unnecessary costs.
As we have seen, cloud-hosted web browsers provide significant privacy and security advantages to OSINT gatherers when they research their targets. For instance, they allow them to mitigate many prevalent cyberthreats, such as malware, cross-site scripting, phishing and drive-by downloads. As the browsing sessions run in isolated virtual environments, any malicious code or exploits encountered during the investigation are contained and do not reach the end user's device. This effectively ensures that the OSINT gatherer's local device remains unaffected.
In addition to maintaining security while researching online, cloud-hosted web browsers help OSINT gatherers conceal their real IP addresses. This allows them to mitigate various web tracking techniques like digital fingerprinting, cookies and ETags employed by external observers to monitor their web browsing activities.